From 52d9d07422421dddc2ae8b1448e3ff936b55dc82 Mon Sep 17 00:00:00 2001
From: Aditya Patwardhan
Date: Wed, 23 Dec 2020 13:32:30 +0530
Subject: [PATCH] esp_tls_wolfssl : Add domain name check

---
 components/esp-tls/esp_tls_wolfssl.c | 30 ++++++++++++++++++----------
 1 file changed, 20 insertions(+), 10 deletions(-)

diff --git a/components/esp-tls/esp_tls_wolfssl.c b/components/esp-tls/esp_tls_wolfssl.c
index d52d210aba..4396784cc6 100644
--- a/components/esp-tls/esp_tls_wolfssl.c
+++ b/components/esp-tls/esp_tls_wolfssl.c
@@ -55,6 +55,26 @@ int esp_create_wolfssl_handle(const char *hostname, size_t hostlen, const void *
         goto exit;
     }
 
+    if (!cfg->skip_common_name) {
+        char *use_host = NULL;
+        if (cfg->common_name != NULL) {
+            use_host = strdup(cfg->common_name);
+        } else {
+            use_host = strndup(hostname, hostlen);
+        }
+        if (use_host == NULL) {
+            return ESP_ERR_NO_MEM;
+        }
+        /* Hostname set here should match CN in server certificate */
+        if ((ret = (wolfSSL_check_domain_name( (WOLFSSL *)tls->priv_ssl, use_host))) != WOLFSSL_SUCCESS) {
+            ESP_LOGE(TAG, "wolfSSL_check_domain_name returned -0x%x", -ret);
+            ESP_INT_EVENT_TRACKER_CAPTURE(tls->error_handle, ERR_TYPE_WOLFSSL, -ret);
+            free(use_host);
+            return ESP_FAIL;
+        }
+        free(use_host);
+    }
+
 #ifdef HAVE_ALPN
     if (cfg->alpn_protos) {
         char **alpn_list = (char **)cfg->alpn_protos;
@@ -96,16 +116,6 @@ int esp_create_wolfssl_handle(const char *hostname, size_t hostlen, const void *
         goto exit;
     }
 
-#ifdef HAVE_SNI
-    /* Hostname set here should match CN in server certificate */
-    char *use_host = strndup(hostname, hostlen);
-    if (!use_host) {
-        goto exit;
-    }
-    wolfSSL_set_tlsext_host_name( (WOLFSSL *)tls->priv_ssl, use_host);
-    free(use_host);
-#endif
-
     wolfSSL_set_fd((WOLFSSL *)tls->priv_ssl, tls->sockfd);
     return 0;
 exit:
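Review bot: The two early `return`s in the new skip_common_name block (`return ESP_ERR_NO_MEM;` and `return ESP_FAIL;` after the failed check) bypass the function's `exit:` label, which every neighbouring error path reaches with `goto exit`; whatever that label releases is skipped on these paths, and the function's error-return convention is presumably broken too if callers expect the value the `exit:` path produces. Both should become `goto exit;`, keeping the `free(use_host)` before the jump in the failing-check branch. Note also that `wolfSSL_check_domain_name()` only records the name for certificate matching and, as far as I know, does not send the SNI extension, while the second hunk removes the `wolfSSL_set_tlsext_host_name()` call, so after this change no SNI is sent at all and a server that selects its certificate by SNI will present one that then fails the very check being added. The log line `"wolfSSL_check_domain_name returned -0x%x", -ret` will typically print 0, since the call reports failure as `WOLFSSL_FAILURE` (0), so consider logging the name that was rejected instead. esp_create_wolfssl_handle starts before this hunk and ends after it.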